Hallo,
jetzt hab ich leider auch diesen Virus: Nichts geht mehr und der PC zeigt mir an, dass das Bundesamt für Sicherheit in der Informationstechnik ausgibt bzw. Bundespolizei, GVU etc. meinen Computer gesperrt hätte.
Einen FRST Log hab ich gemäß der anderen Themen bereits erstellt, weiß jemand weiter?
HTML-Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2013 01
Ran by SYSTEM on MININT-3V0GOV6 on 21-10-2013 01:41:23
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b]
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-06] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-25] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] ()
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2009-08-04] (Sonic Solutions)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\Default\...\RunOnce: [wlstart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [911184 2010-06-12] (Microsoft Corporation)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [wlstart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [911184 2010-06-12] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] ()
HKU\Gast\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE [241280 2013-10-08] (SEIKO EPSON CORPORATION)
HKU\PhilippM\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE [241280 2013-10-08] (SEIKO EPSON CORPORATION)
HKU\PhilippM\...\Run: [Google Update] - [x]
HKU\PhilippM\...\Run: [841pc0f] - C:\ProgramData\ppfmbbn\frkq.exe [253952 2013-10-20] ()
HKU\PhilippM\...\Winlogon: [Shell] C:\ProgramData\qfxtrrr\qomnrxb.exe,explorer.exe <==== ATTENTION
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\PhilippM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
==================== Services (Whitelisted) =================
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()
S2 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 NgVpnMgr; C:\Windows\system32\ngvpnmgr.exe [540968 2013-04-25] (Aventail Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-04] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-04] (Sonic Solutions)
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited)
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] ()
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{d1c4ba65-0318-50f3-0d62-4646fc7542c2}\ \...\???\{d1c4ba65-0318-50f3-0d62-4646fc7542c2}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
==================== Drivers (Whitelisted) ====================
S3 ASPI; C:\Windows\SysWow64\Drivers\ASPI32.sys [84832 2002-07-17] (Adaptec)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NgFilter; C:\Windows\System32\DRIVERS\ngfilter.sys [26184 2013-04-24] (Aventail Corporation)
S3 NgLog; C:\Windows\System32\DRIVERS\nglog.sys [31304 2013-04-24] (Aventail Corporation)
S3 NgVpn; C:\Windows\System32\DRIVERS\ngvpn.sys [103496 2013-04-24] (Aventail Corporation)
S3 NgWfp; C:\Windows\System32\DRIVERS\ngwfp.sys [28744 2013-04-24] (Aventail Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S1 SSHDRV61; C:\Windows\SysWow64\Drivers\SSHDRV61.sys [36864 2011-08-02] ()
S1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-03-02] ()
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [x]
S3 PCDSRVC{127174DC-C366ED8B-06020000}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
S2 regi; \??\C:\Windows\system32\drivers\regi.sys [x]
S1 TPPWRIF; System32\drivers\Tppwr64v.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-21 01:41 - 2013-10-21 01:41 - 00000000 ____D C:\FRST
2013-10-20 15:07 - 2013-10-20 15:15 - 00000000 ____D C:\ProgramData\msxp
2013-10-20 15:07 - 2013-10-20 15:13 - 00000000 ____D C:\ProgramData\ppemhgy
2013-10-20 15:07 - 2013-10-20 15:07 - 00000000 ____D C:\ProgramData\qfxtrrr
2013-10-20 15:07 - 2013-10-20 15:07 - 00000000 ____D C:\ProgramData\ppfmbbn
2013-10-20 15:06 - 2013-10-20 15:16 - 00000000 ____D C:\ProgramData\nws
2013-10-20 15:06 - 2013-10-20 15:06 - 00000000 ____D C:\Users\PhilippM\AppData\Local\Google
2013-10-20 15:06 - 2013-10-20 15:06 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-14 07:04 - 2013-10-14 07:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-08 04:42 - 2013-10-08 04:41 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\System32\E_GCINST.DLL
2013-10-08 04:42 - 2013-10-08 04:40 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\E_YLMHVE.DLL
2013-10-08 04:42 - 2013-10-08 04:40 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\E_YD4BHVE.DLL
2013-10-08 04:38 - 2013-10-08 04:38 - 00000000 ____H C:\Users\PhilippM\Documents\Default.rdp
2013-10-08 04:15 - 2013-10-08 04:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-08 03:48 - 2013-10-08 03:48 - 00001410 _____ C:\Users\Public\Desktop\Aventail VPN Connection.lnk
2013-10-08 03:48 - 2013-10-08 03:48 - 00000000 ____D C:\ProgramData\Aventail
2013-10-08 03:48 - 2013-10-08 03:48 - 00000000 ____D C:\Program Files\Aventail Connect
2013-10-08 03:41 - 2013-10-08 03:47 - 00000000 ____D C:\Users\PhilippM\AppData\Roaming\Aventail
2013-10-07 08:17 - 2013-10-07 08:18 - 00050491 _____ C:\Users\PhilippM\ESt2012_Müller_Philipp.elfo
==================== One Month Modified Files and Folders ======= Ansonsten habe ich selbstverständlich nichts Verändert oder unternommen!
Danke schonmal!
21.10.2013, 00:44
Baum-Darstellung